urlquery.net - Report

Overview

URL	css-navi.clan.su/_ld/0/76_1908_Crash..rar
IP	195.216.243.40
ASN	AS29226 CJSC Mastertel
Location	Russian Federation
Report completed	2018-07-11 15:48:17 CEST
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2018-07-11 15:47:10 CEST	2	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2018-07-11 15:47:10 CEST	1	Client IP	195.216.243.40	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-11 15:47:10 CEST	1	Client IP	195.216.243.40	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-11 15:47:11 CEST	1	Client IP	195.216.243.40	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-11 15:47:13 CEST	1	Client IP	195.216.243.40	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Blacklists

MDL	No alerts detected
OpenPhish	No alerts detected
PhishTank	No alerts detected
Fortinet's Web Filter	No alerts detected
DNS-BH	No alerts detected
mnemonic secure dns	No alerts detected

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.216.243.40

Date	UQ / IDS / BL	URL	IP
2019-02-06 10:14:57 +0100	0 - 0 - 1	css-strike.ru/_ld/2/217_1670_pubh0ok_1..rar	195.216.243.40
2019-01-30 15:34:02 +0100	0 - 0 - 1	css-strike.ru/_ld/2/216_1668_blackkpub1.rar	195.216.243.40
2019-01-27 03:27:19 +0100	0 - 0 - 1	porta1.3dn.ru/_ld/4/409_Anti-AFKv2.rar	195.216.243.40
2019-01-25 05:36:34 +0100	0 - 0 - 1	cheat.ucoz.co.uk/_ld/0/27_440_Iniuria_CSS.rar	195.216.243.40
2019-01-25 05:36:03 +0100	0 - 0 - 1	cheat.ucoz.co.uk/_ld/0/16_CD-Hack-Modific.rar	195.216.243.40
2019-01-15 15:15:32 +0100	0 - 0 - 1	porta1.3dn.ru/_ld/4/412_SA-MP_Trainer.rar	195.216.243.40
2018-12-24 07:06:23 +0100	0 - 0 - 1	cheat.ucoz.co.uk/_ld/0/27_440_Iniuria_CSS.rar	195.216.243.40
2018-12-21 16:08:24 +0100	0 - 1 - 0	ribkam.ru/	195.216.243.40
2018-12-16 08:38:28 +0100	0 - 0 - 11	klik1.ucoz.ru/dir/nepoznannoe/106	195.216.243.40
2018-12-16 06:47:48 +0100	0 - 0 - 1	porta1.3dn.ru/_ld/4/409_Anti-AFKv2.rar	195.216.243.40

Last 10 reports on ASN: AS29226 CJSC Mastertel

Date	UQ / IDS / BL	URL	IP
2019-02-16 02:19:46 +0100	0 - 2 - 2	u.to/ABlkFA	195.216.243.155
2019-02-15 15:20:46 +0100	0 - 0 - 1	redsigns.do.am/_ld/0/3_RFUFree_3.3.8.rar	195.216.243.39
2019-02-15 09:12:55 +0100	0 - 0 - 1	gtagamer.org/_ld/37/3711_Colormod-2-.rar	195.216.243.237
2019-02-15 03:54:29 +0100	0 - 0 - 1	bl-cs.ucoz.ru/_ld/0/30_Silent_Aim_CSGO.rar	195.216.243.31
2019-02-14 04:43:32 +0100	0 - 0 - 1	cheat-funny.ru/_ld/1/130_2374_chit_d3d_m.rar	195.216.243.8
2019-02-14 02:16:33 +0100	0 - 0 - 1	reff.moy.su/index/0-4	195.216.243.31
2019-02-14 00:13:11 +0100	0 - 0 - 1	cheat-funny.ru/_ld/1/130_2374_chit_d3d_m.rar	195.216.243.8
2019-02-13 19:46:38 +0100	0 - 0 - 1	nokia-e65.smartovik.ru/themes/Nice-Sunset.exe	217.67.179.222
2019-02-13 19:31:17 +0100	0 - 0 - 1	cheat-funny.ru/_ld/0/75_chit_kredity_wa.rar	195.216.243.8
2019-02-13 16:21:39 +0100	0 - 0 - 1	cheat-funny.ru/_ld/0/72_2320_engine7_ha.rar	195.216.243.8

No other reports on domain: clan.su

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (17)

Request	Response
GET /_ld/0/76_1908_Crash..rar HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	$Magic: HTML document text\012 exported SGML document text Size: 2665 Md5: 4e8e963aac9e640a6a77df78ae5081c2$ 195.216.243.40 HTTP/1.1 503 Service Temporarily Unavailable Content-Type: text/html; charset=UTF-8 Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=15 --- Additional Info --- Magic: HTML document text\012 exported SGML document text Size: 2665 Md5: 4e8e963aac9e640a6a77df78ae5081c2 Sha1: 651bd0fdba4763620d267d4ff4b3994ac57f5374 Sha256: bf08c841f19786c02634029d819c7807594b1c713645cbabc02250aae1e4d014 Alerts: IDS: - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	216.58.209.138 HTTP/1.1 200 OK Content-Type: text/javascript; charset=UTF-8 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * Timing-Allow-Origin: * Content-Length: 32954 Date: Mon, 02 Jul 2018 22:36:55 GMT Expires: Tue, 02 Jul 2019 22:36:55 GMT Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000 Age: 745815 --- Additional Info --- Magic: gzip compressed data, max compression Size: 32954 Md5: 68263720f8747715639ad6a9020dd9fa Sha1: 121c84759a7366e4a22da1c55f07bd25a3c3a6d9 Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
GET /.serr/css/style.css HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	195.216.243.40 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=15 Etag: W/"5b45b395-4c25" Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 4288 Md5: d0f39f32aaa12c4c859ceaa37cfc1939 Sha1: 4357fcee86a3ad7021ee86c488637b64a8fb5c71 Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a Alerts: IDS: - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /.serr/js/core.js HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	195.216.243.40 HTTP/1.1 200 OK Content-Type: text/javascript Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=15 Etag: W/"5b45b395-19e" Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 234 Md5: 6d2afededfa7410e2a2a1e4ac9bebb2e Sha1: f83e4b38412d51d14d6ccae931ec81152ce4ed9b Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e
GET /.serr/img/favicon.ico HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	195.216.243.40 HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=15 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 2561 Md5: 5585aa3a5ee4b83b05b5ca496a21e659 Sha1: dde6db45dcd453f44c0c2b9511b61fb69d5995d7 Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905 Alerts: IDS: - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /metrika/watch.js HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	77.88.21.119 HTTP/1.1 301 Moved Permanently Content-Type: text/html Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:10 GMT Content-Length: 184 Connection: keep-alive Location: https://mc.yandex.ru/metrika/watch.js --- Additional Info --- Magic: HTML document text Size: 184 Md5: 803493a1e438da1e67b84a76fa86bdda Sha1: 9dca8b04cd8f0f715f14546b5f747aabbba7de47 Sha256: 82e7512bb763ef84d4ff4c9f8998fbff4b461ee5416741db743d5e4584d2ec45
GET /.serr/img/ulogo.svg HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/.serr/css/style.css	$Magic: SVG Scalable Vector Graphics image\012 XML document text Size: 4235 Md5: 993299552bfd263cd4a75ad398e75b58$ 195.216.243.40 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Content-Length: 4235 Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT Connection: keep-alive Keep-Alive: timeout=15 Etag: "5b45b395-108b" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012 XML document text Size: 4235 Md5: 993299552bfd263cd4a75ad398e75b58 Sha1: 3fc9ad991516b8ad0c6553a05de4a8c9759c5020 Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5
GET /.serr/img/404.png HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/.serr/css/style.css	195.216.243.40 HTTP/1.1 200 OK Content-Type: image/png Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:11 GMT Content-Length: 93328 Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT Connection: keep-alive Keep-Alive: timeout=15 Etag: "5b45b395-16c90" Accept-Ranges: bytes --- Additional Info --- Magic: PNG image, 555 x 289, 8-bit/color RGBA, non-interlaced Size: 93328 Md5: b49480282d51d93c68a9d6fefd3fdbde Sha1: ea45a1ca56f4d4342316c357a6d4b961a775ccb8 Sha256: 12c702f931513d9a38b2d17ee2acae1308486e7b38fab5adc84c1f02b72ac620 Alerts: IDS: - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
POST /gsorganizationvalsha2g2 HTTP/1.1 Host: ocsp2.globalsign.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Content-Length: 111 Content-Type: application/ocsp-request	104.18.20.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 11 Jul 2018 13:47:11 GMT Content-Length: 1570 Connection: keep-alive Set-Cookie: __cfduid=d649833144e207800a58950a63cdc20da1531316831; expires=Thu, 11-Jul-19 13:47:11 GMT; path=/; domain=.globalsign.com; HttpOnly Last-Modified: Wed, 11 Jul 2018 13:05:44 GMT Expires: Sun, 15 Jul 2018 13:05:44 GMT Etag: "9e90d6a48d363805266a5985b72f36311ba55af2" Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 CF-Cache-Status: HIT Vary: Accept-Encoding Server: cloudflare CF-RAY: 438bb8746455429d-OSL --- Additional Info --- Magic: data Size: 1570 Md5: f244a8b59d7371c466a8a4c04a05297e Sha1: 9e90d6a48d363805266a5985b72f36311ba55af2 Sha256: bb326e16b1317f170c8c7b5408b86778412caf570fa1975184763d260b0c5a59
GET /metrika/watch.js HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	77.88.21.119 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:11 GMT Content-Length: 42893 Last-Modified: Wed, 11 Jul 2018 12:52:56 GMT Connection: keep-alive Etag: "5b45fda8-a78d" Content-Encoding: gzip Expires: Wed, 11 Jul 2018 14:47:11 GMT Cache-Control: max-age=3600 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31536000 --- Additional Info --- Magic: gzip compressed data, from Unix, last modified: Wed Jul 11 13:20:33 2018 Size: 42893 Md5: b25438f962bb390cdb31b6764d2d8324 Sha1: 53360eb8759c949facd30b24dfc4d1b0f40db7b7 Sha256: c993c4cc851f929d93e0897b8d0a5f0e847b95a191510e0f9bb769dd1a67d8f3
GET /metrika/advert.gif HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	77.88.21.119 HTTP/1.1 200 OK Content-Type: image/gif Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:12 GMT Content-Length: 61 Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT Connection: keep-alive Etag: "561bb0f5-3d" Content-Encoding: gzip Expires: Wed, 11 Jul 2018 14:47:12 GMT Cache-Control: max-age=3600 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31536000 --- Additional Info --- Magic: gzip compressed data, was "advert.gif", from Unix, last modified: Mon Oct 12 15:06:12 2015 Size: 61 Md5: aad2d5e940637a676e25e6cc7a684a83 Sha1: c77946775d4c1719c48eb691edfbcf873b0738f5 Sha256: d9d219b8ba39a549d43400945b848dde73269f25dab5b75b85439c451ca0a525
OPTIONS /watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Origin: http://css-navi.clan.su Access-Control-Request-Method: POST	77.88.21.119 HTTP/1.1 200 OK Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:12 GMT Content-Length: 0 Connection: keep-alive P3P: CP="NOI DEVa TAIa OUR BUS UNI STA" Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Credentials: true Access-Control-Max-Age: 1728000 X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 --- Additional Info ---
GET /watch/24122689?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar	77.88.21.119 HTTP/1.1 302 Found Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:12 GMT Content-Length: 0 Connection: keep-alive P3P: CP="NOI DEVa TAIa OUR BUS UNI STA" Last-Modified: Wed, 11 Jul 2018 13:47:12 GMT Expires: Wed, 11 Jul 2018 13:47:12 GMT Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Set-Cookie: yandexuid=9810880001531316832; domain=.yandex.ru; path=/; expires=Thu, 11-Jul-2019 13:47:12 GMT yabs-sid=890197201531316832; path=/ i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; Expires=Thu, 11-Jul-2019 13:47:12 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832; domain=.yandex.ru; path=/; expires=Sat, 08-Jul-2028 13:47:12 GMT Location: https://mc.yandex.ru/watch/24122689/1?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 --- Additional Info --- Magic: gzip compressed data, from Unix Size: 1171 Md5: 3b654d8f23f835babd9fb5337f91ddaf Sha1: 72b1bd508b3c850d75c55a85718473c076acea45 Sha256: 2ee9ce85f16481613a1fa097da5a4a0fc2ff1ae5f91264e3e770106b95c2d167
GET /watch/24122689/1?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar Cookie: yandexuid=9810880001531316832; yabs-sid=890197201531316832; i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832	77.88.21.119 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:12 GMT Content-Length: 111 Connection: keep-alive P3P: CP="NOI DEVa TAIa OUR BUS UNI STA" Last-Modified: Wed, 11 Jul 2018 13:47:12 GMT Expires: Wed, 11 Jul 2018 13:47:12 GMT Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 111 Md5: aa17e56a9cd96530f4a89ade380d7703 Sha1: 131cf2d656c5c94250f6a1ddc05a52070b79e15d Sha256: 517dbb33606a37a06d6a1d28644a7cd752b6e362458375c396cc39da97632701
GET /.serr/img/favicon.ico HTTP/1.1 Host: css-navi.clan.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: _ym_uid=153131683259207810; _ym_d=1531316832; _ym_isad=2; _ym_visorc_24122689=w	195.216.243.40 HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: nginx/1.8.0 Date: Wed, 11 Jul 2018 13:47:14 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=15 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 2561 Md5: 5585aa3a5ee4b83b05b5ca496a21e659 Sha1: dde6db45dcd453f44c0c2b9511b61fb69d5995d7 Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905 Alerts: IDS: - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154727%3Aet%3A1531316848%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A1183724667749%3Arqn%3A2%3Arn%3A99341180%3Ahid%3A478011455%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316848%3Au%3A153131683259207810 HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Origin: http://css-navi.clan.su Access-Control-Request-Method: POST	77.88.21.119 HTTP/1.1 200 OK Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:27 GMT Content-Length: 0 Connection: keep-alive P3P: CP="NOI DEVa TAIa OUR BUS UNI STA" Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Credentials: true Access-Control-Max-Age: 1728000 X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 --- Additional Info ---
GET /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154727%3Aet%3A1531316848%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A1183724667749%3Arqn%3A2%3Arn%3A99341180%3Ahid%3A478011455%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316848%3Au%3A153131683259207810 HTTP/1.1 Host: mc.yandex.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar Cookie: yandexuid=9810880001531316832; yabs-sid=890197201531316832; i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832	77.88.21.119 HTTP/1.1 200 OK Content-Type: image/gif Server: nginx/1.8.1 Date: Wed, 11 Jul 2018 13:47:27 GMT Content-Length: 43 Connection: keep-alive P3P: CP="NOI DEVa TAIa OUR BUS UNI STA" Last-Modified: Wed, 11 Jul 2018 13:47:27 GMT Expires: Wed, 11 Jul 2018 13:47:27 GMT Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1 Size: 43 Md5: df3e567d6f16d040326c7a0ea29a4f41 Sha1: ea7df583983133b62712b5e73bffbcd45cc53736 Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87